[keycloak-user] IDP SAMLV2.0 with Salesforce

Marek Posolda mposolda at redhat.com
Mon May 4 08:36:31 EDT 2015 

Yeah, that worked for me. Localhost is also used in the example 
instructions 
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce+as+SP .

AFAIR Salesforce interacts with IDP just through browser redirects, not 
backchannel requests. So localhost is not a problem.

Marek

On 4.5.2015 13:59, Bill Burke wrote:
> Hey, do you know if Salesforce as an SP works if the IDP is localhost? 
> Or did you have to test that outside a firewall?
>
> On 5/4/2015 3:03 AM, Marek Posolda wrote:
>> As far as I remember, it could be the certificate in CRT format exported
>> from keystore file via "keytool -export" . At least that's what worked
>> for me couple of years back when I did integration of Salesforce with
>> Picketlink:
>> https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce+as+SP 
>>
>>
>>
>> Marek
>>
>> On 30.4.2015 17:39, Bill Burke wrote:
>>> I set up a salesforce example and looked at the login response SAML
>>> document.  Looks like no assertion data is being sent back at all by
>>> salesforce.
>>>
>>> On 4/30/2015 9:43 AM, Bill Burke wrote:
>>>> i have no idea.  Basically this error is stating that the login 
>>>> response
>>>> saml document has no assertions within it.  If there are no 
>>>> assertions,
>>>> then there has been no identity data sent.
>>>>
>>>> I'm looking now, but can you send me a link on how to set up 
>>>> Salesforce
>>>> as an IDP?  Is one able to set up a free account and such?
>>>>
>>>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>>>> Hi Bill,
>>>>>
>>>>> I don¹t know why I missed that, thanks! Salesforce respons know with
>>>>> the
>>>>> correct login page. After logging in in Salesforce, I¹m redirected to
>>>>> keycloak again with a internal error:
>>>>>
>>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException:
>>>>> Could not
>>>>> process response from SAML identity provider.
>>>>>     at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo 
>>>>>
>>>>>
>>>>> int.java:299)
>>>>>     at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoi 
>>>>>
>>>>>
>>>>> nt.java:343)
>>>>>     at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169 
>>>>>
>>>>>
>>>>> )
>>>>>     at
>>>>> org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117) 
>>>>>
>>>>>
>>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> [rt.jar:1.8.0_45]
>>>>>     at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:6 
>>>>>
>>>>>
>>>>> 2) [rt.jar:1.8.0_45]
>>>>>     at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp 
>>>>>
>>>>>
>>>>> l.java:43) [rt.jar:1.8.0_45]
>>>>>     at java.lang.reflect.Method.invoke(Method.java:497)
>>>>> [rt.jar:1.8.0_45]
>>>>>     at
>>>>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:1 
>>>>>
>>>>>
>>>>> 37) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethod 
>>>>>
>>>>>
>>>>> Invoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker. 
>>>>>
>>>>>
>>>>> java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc 
>>>>>
>>>>>
>>>>> eLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke 
>>>>>
>>>>>
>>>>> r.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc 
>>>>>
>>>>>
>>>>> eLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke 
>>>>>
>>>>>
>>>>> r.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     at
>>>>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher. 
>>>>>
>>>>>
>>>>> java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>>     ... 39 more
>>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No
>>>>> assertion from response.
>>>>>     at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.jav 
>>>>>
>>>>>
>>>>> a:309)
>>>>>     at
>>>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo 
>>>>>
>>>>>
>>>>> int.java:264)
>>>>>     ... 54 more
>>>>>
>>>>> Any idea?
>>>>>
>>>>> Henk
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 30/04/15 14:31, "Bill Burke" <bburke at redhat.com> wrote:
>>>>>
>>>>>> You want to chain keycloak server to Salesforce?
>>>>>>
>>>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>>>>> Salesforce, you;ll see after you create it, an Export button.  Click
>>>>>> that.  That will create an entity descriptor with all the 
>>>>>> information
>>>>>> you need.
>>>>>>
>>>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I like to use Salesforce as Identity Provider, the metadata
>>>>>>> provided by
>>>>>>> salesforce can be imported.
>>>>>>> But I need to specify the Service Provider in salesforce, I have
>>>>>>> to fill
>>>>>>> in a couple of fields, but two of them I don¹t understand (and are
>>>>>>> mandatory). Does someone have any clue
>>>>>>>
>>>>>>>     1. entity id , remark of salesforce : get this value from your
>>>>>>>        serviceprovider
>>>>>>>     2. ACS URL, remark of slaesforce : The assertion consumer
>>>>>>> service. Get
>>>>>>>        this value from your service provider.
>>>>>>>
>>>>>>> I have tried a lot of values but every-time I click the saml
>>>>>>> button on
>>>>>>> my app, it redirects to salesforce but I get a page with the 
>>>>>>> error :
>>>>>>> Error: Unable to resolve request into a Service Provider
>>>>>>>
>>>>>>> Henk
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>> -- 
>>>>>> Bill Burke
>>>>>> JBoss, a division of Red Hat
>>>>>> http://bill.burkecentral.com
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>

More information about the keycloak-user mailing list